Vocabulary Flashcards

1
Q

access control

A

the sum of all the technologies, processes and personnel that are responsible for controlling access to resources

2
Q

account deprovisioning

A

the process of removing access and disabling an account when a user no longer requires access to cloud resources

3
Q

account hijacking

A

an occurrence when an unauthorized party gains access to and takes over a privileged account

4
Q

account provisioning

A

the process of creating user accounts and enabling access to cloud resources

5
Q

address allocation

A

the process of assigning one or more IP addresses to a cloud resource; this can be done either dynamically or statically

6
Q

adverse event

A

an event that comes with negative consequences

7
Q

aggregate risk

A

the combined risk of multiple individual security flaws or vulnerabilities

8
Q

agile

A

an SDLC methodology in which development and testing activities occur simultaneously, cyclically and iteratively

9
Q

anonymization

A

the process of removing information that can be used to identify a specific individual from a dataset

10
Q

Application Programming Interface (API)

A

a software-to-software communication link that allows two applications, such as a client and a server, to interact with one another over the Internet

11
Q

application virtualization

A

the process of encapsulating (or bundling) an application into a self-contained package that is isolated from the underlying operating system on which it is executed

12
Q

applistructure

A

includes the applications that are deployed in the cloud and the underlying services used to build them

13
Q

artificial intelligence (AI)

A

the field devoted to helping machines process things in a smart manner; AI involves giving machines the ability to imitate intelligent human behavior

14
Q

asymmetric-key (public-key) encryption

A

a form of encryption that operates by using two keys, one public and one private

15
Q

audit planning

A

conducted at the very beginning of the audit process and includes all the steps necessary to ensure the audit is conducted thoroughly, effectively and in a timely fashion

16
Q

audit report

A

a set of documents and artifacts that describe the findings from an audit and explain the audit’s opinion of the system that was examined

17
Q

audit scope

A

a statement that identifies the focus, boundary and extent of an audit

18
Q

audit scope restrictions

A

a set of restrictions on what an auditor may and may not audit

19
Q

authentication

A

the process of validating a user’s identity

20
Q

authenticator

A

things used to verify a user’s identity

21
Q

authorization

A

the process of granting access to a user based on their authenticated identity and the policies you’ve set for them

22
Q

availability

A

security principle focused on ensuring that authorized users can access required data when and where they need it

23
Q

availability management

A

the process of ensuring that the appropriate people, processes and systems are in place in order to sustain sufficient service availability

24
Q

bandwidth allocation

A

the process of sharing network resources fairly between multiple users that share the cloud network

25
Q

Bastion host

A

a system that runs outside your security zone that is generally designed to serve a single purpose (such as connecting to the management zone) and has been extremely hardened for enhanced security

26
Q

black box testing

A

a software testing method in which the internal design of the component being tested is not known by the tester

27
Q

blockchain

A

a string of digital information that is chained together by cryptography; each block of information contains a cryptographic hash of the previous block, transaction data and a timestamp

28
Q

breakout attack

A

a hypervisor security flaw that can allow one guest to break out of their virtual machine and manipulate the hypervisor in order to gain access to other cloud tenants

29
Q

broad network access

A

the cloud characteristic that suggests that cloud computing should make resources and data ubiquitous and easily accessed when and where they’re required

30
Q

broken authentication

A

a vulnerability that allows an attacker to capture or bypass an application’s authentication mechanisms; broken authentication allows the attacker to assume the identity of the attacked user, thus granting the attacker the same privileges as that user

31
Q

Building Management System (BMS)

A

a hardware and software control system that is used to control and monitor a building’s electrical, mechanical and HVAC systems

32
Q

business continuity (BC)

A

the policies, procedures and tools you put in place to ensure critical business functions continue during and after a disaster or crisis

33
Q

Canadian digital privacy act

A

a 2015 Canadian regulation that served as a major update to the long-standing Personal Information Protection and Electronic Documents Act (PIPEDA)

34
Q

capacity management

A

the process of ensuring that the required resource capacity exists, at all times, to meet or exceed business and customer needs, as defined in SLAs

35
Q

cardholder data

A

a specific subset of PII that is related to holders of credit or debit cards

36
Q

chain of custody

A

the process of maintaining and documenting the chronological sequence of possession and control of physical or electronic evidence, from creation until its final use (often presentation in court)

37
Q

change management

A

an IT discipline focused on ensuring that organizations employ standardized processes and procedures to make changes to their systems and services

38
Q

checksum

A

a value derived from a piece of data that uniquely identifies that data and is used to detect changes that might have been introduced during storage or transmission

39
Q

CIA triad

A

the three primary security principles: confidentiality, integrity and availability

40
Q

client-side KMS

A

a key management service that is provided by the CSP, but the customer generates, holds and manages the keys

41
Q

cloud access security broker (CASB)

A

a software application that sits between cloud users and cloud services and applications, while actively monitoring all cloud usage and implementing centralized controls to enforce security

42
Q

cloud application

A

an application that is accessed via the Internet rather than installed and accessed locally

43
Q

cloud auditor

A

a cloud service partner who is responsible for conducting an audit of the use of cloud services; the audit may be for general security hygiene, but is often for legal or compliance purposes

44
Q

cloud service

A

capabilities made available to a cloud user by a cloud provider through a published interface (a management console or command line, for example)

45
Q

Cloud Controls Matrix (CCM)

A

a meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations; published by the Cloud Security Alliance

46
Q

cloud data portability

A

the ability to easily move data from one cloud provider to another

47
Q

cloud deployment model

A

the way in which cloud services are made available through specific configurations that control the sharing of cloud resources with cloud users; the cloud deployment models are public, private, community and hybrid

48
Q

cloud resources

A

compute, storage and networking capabilities that a cloud provider shares with a cloud user

49
Q

cloud service broker

A

a cloud service partner who negotiates relationships between cloud service providers and cloud service customers

50
Q

cloud service category

A

a collection of cloud services that share a common set of features or qualities; cloud service categories are labelled XaaS; the most common cloud service categories are IaaS, PaaS and SaaS

51
Q

cloud service customer

A

a person or group that is in a business relationship to provision and use cloud services from a cloud service provider

52
Q

cloud service customer data

A

any data objects under the control of the cloud service customer that were input to the cloud service by the cloud customer or generated by the cloud service on behalf of the cloud customer

53
Q

cloud service derived data

A

any data objects under the control of the cloud service provider that were derived by interaction of the cloud customer with the cloud service; may include access logs, utilization information and other forms of metadata (data about data)

54
Q

cloud service partner

A

a person or group that supports the provision, use or other activities of the cloud service provider, the cloud service customer or both

55
Q

cloud service provider (CSP)

A

an entity making cloud services available for use

56
Q

cloud service provider data

A

any data objects related to the operation of the cloud service that are fully under the control of the cloud service provider; may include cloud service operational data, information generated by the cloud service provider to provide services, and similar data not owned or related to any specific cloud customer

57
Q

cloud service user

A

a person or entity (which may be a device, for example) that uses cloud services on behalf of the cloud service customer

58
Q

colocation datacenter

A

a shared datacenter that leases out equipment and bandwidth to companies

59
Q

common criteria

A

a set of guidelines that establishes processes for products to be evaluated by independent laboratories to determine their level of security

60
Q

community cloud

A

a cloud deployment model where cloud services are provided to a group of cloud service customers with similar requirements; it is common for at least one member of the community to control the cloud resources for the group

61
Q

confidentiality

A

security principle that entails limiting access to data to authorized users and systems; in other words, confidentiality prevents exposure of information to anyone who is not an intended party

62
Q

configuration management

A

the process of tracking and controlling configuration changes to systems and software

63
Q

containers

A

a cloud technology that involves logically decoupling an application from its environment so that the containerized application can be developed, deployed and run consistently in different environments (public cloud, private cloud or personal laptop)

64
Q

continual service improvement management

A

a lifecycle of constantly improving the performance and effectiveness of IT services by collecting data and learning from the past

65
Q

continuity management

A

the process of ensuring that a CSP is able to recover and continue providing service to its customers, even amidst security incidents or during times of crisis

66
Q

contract management

A

the process of managing contract negotiation, creation and execution to reduce risk and maximize performance

67
Q

control plane

A

the part of the cloud environment that carries information necessary to establish and control the flow of data through the cloud; enables management of the cloud’s infrastructure and data security

68
Q

cross-site scripting (XSS)

A

a specific variant of an injection attack that targets web applications by injecting malicious code

69
Q

crypto-shredding

A

the process of encrypting data and then destroying the keys so that the data cannot be recovered

70
Q

cryptographic module

A

any hardware, software

71
Q

Cryptography

A

the science of encrypting and decrypting information to protect its confidentiality and/or integrity

72
Q

cryptojacking

A

a form of malware that steals computing resources and uses them to mine for Bitcoin or other cryptocurrencies

73
Q

cryptoprocessor

A

a dedicated chip that carries out cryptographic operations

74
Q

dashboard

A

a single graphical view of multiple alerts and datapoints

75
Q

data archiving

A

the process of removing information from production systems and transferring it to other, longer-term storage systems

76
Q

data-at-rest

A

data that is stored on a system or device and not actively being read, written to, transmitted or processed

77
Q

data breach

A

an incident that occurs when an unauthorized party gains access to confidential or protected data; this access can include any type of data, with the key factor being the fact that it is viewed, retrieved or otherwise accessed by someone who shouldn’t have access

78
Q

data classification

A

the process of categorizing and organizing data based on level of sensitivity or other characteristics

79
Q

data custodian (data processor)

A

an individual who processes the data on behalf of the data owner; the data custodian is responsible for adhering to the data owner’s established requirements for using and securing the data and must process the data in accordance with the data owner’s established purposes

80
Q

data de-identification

A

the process of removing information that can be used to identify a specific individual from a dataset

81
Q

data dispersion

A

the process of replicating data throughout a distributed storage infrastructure that can span several regions, cities or even countries around the world

82
Q

data-in-transit (data-in-motion)

A

data that is actively being transmitted across a network or between multiple networks

83
Q

data-in-use

A

information that is actively being processed by an application

84
Q

data localization law 526-FZ

A

a Russian law established in 2015 that mandates that all personal data of Russian citizens be stored and processed on systems that are located within Russia

85
Q

data loss prevention (DLP)

A

a set of technologies and practices used to identify and classify sensitive data, while ensuring that sensitive data is not lost or accessed by unauthorized parties

86
Q

data owner (data controller)

A

the individual who holds the responsibility for dictating how and why data is used, as well as determining how the data must be secured

87
Q

data portability

A

the ability to easily move data from one system to another, without needing to re-enter the data

88
Q

data retention policy

A

an organization’s established set of rules around holding on to information

89
Q

data subject

A

the person whose data is being used

90
Q

data tampering

A

an attack on the integrity of data by intentionally and maliciously manipulating data

91
Q

decryption

A

the process of using an algorithm (or cipher) to convert ciphertext into plaintext (or the original information)

92
Q

defense-in-depth

A

applying multiple, distinct layers of security technologies and strategies for greater overall protection

93
Q

degaussing

A

a data erasure method that involves using strong magnets to destroy data on magnetic media like hard drives

94
Q

deserialization

A

reconstructing a series of bytes into its original format (like a file)

95
Q

digital forensics

A

a branch of forensic science that deals with the recovery, preservation and analysis of digital evidence associated with cybercrimes and computer incidents

96
Q

digital rights management (DRM)

A

processes focused on protecting intellectual property throughout its distribution lifecycle

97
Q

digital signature

A

a piece of information that asserts or proves the identity of a user using public-key encryption

98
Q

direct identifiers

A

pieces of information that can be used on their own to identify an individual; SSN is a perfect example of this, because there is a 1:1 assignment of Social Security Number to human being

99
Q

directory service

A

a relational hierarchy of cloud identities that manages the storage and processing of information, and acts as the single point through which cloud users can locate and access cloud resources

100
Q

disaster recovery (DR)

A

a subset of business continuity focusing on recovering your IT systems that are lost or damaged during a disaster

101
Q

distributed denial of service (DDoS)

A

a coordinated attack by multiple compromised machines causing disruption to a system’s availability

102
Q

distributed IT model

A

a computing model in which components of your information systems are shared among multiple computers and locations to improve performance and efficiency

103
Q

distributed resource scheduling (DRS)

A

a feature that enables clustered environments to automatically distribute workloads across physical hosts in the cluster

104
Q

domain name system security extensions (DNSSEC)

A

a set of security extensions to standard DNS that support the validation of the integrity of DNS data; DNSSEC can help prevent DNS hijacking, DNS spoofing and man-in-the-middle attacks

105
Q

durability

A

the concept of using data redundancy to ensure that data is not lost, compromised or corrupted

106
Q

Dynamic Application Security Testing (DAST)

A

also known as dynamic code analysis, this form of testing involves assessing the security of code during its execution

107
Q

Dynamic Host Configuration Protocol

A

a protocol that assigns and manages IP addresses, subnet masks, and other network parameters to each device on a network

108
Q

dynamic masking

A

the process of masking sensitive data as it is used in real-time, rather than creating a separate masked copy of the data

109
Q

dynamic optimization (DO)

A

the automated process of constantly reallocating cloud resources to ensure that no physical host or its resources become overutilized while other resources are available or underutilized

110
Q

e-discovery (electronic discovery)

A

the process of electronic data being collected, secured and analyzed as part of civil or criminal legal cases

111
Q

Electronic Discovery Reference Model (EDRM)

A

a model that provides an overall look at the e-Discovery process

112
Q

encryption

A

the process of using an algorithm (or cipher) to convert plaintext (or the original information) into ciphertext

113
Q

ephemeral storage

A

temporary storage that accompanies more permanent storage

114
Q

Evaluation Assurance Levels (EAL)

A

a numeric score that is assigned to a product to describe how thoroughly it was tested during the Common Criteria process

115
Q

event

A

an observable occurrence in a system or network

116
Q

factor

A

an individual method that can be used to authenticate an identity

117
Q

federated identity

A

the act of linking a user’s (or system’s) identity on one system with their identity on one or more other systems

118
Q

federation

A

the process of linking an entity’s identity across multiple separate identity management systems, like on-prem and cloud systems

119
Q

filtering

A

the process of selectively allowing or denying traffic or access to cloud resources

120
Q

FIPS 140-2

A

a US government standard and program that assesses and validates the security of cryptographic modules

121
Q

firewall

A

a hardware or software system that monitors and controls inbound and outbound network traffic

122
Q

full-scale test

A

a business continuity/disaster recovery test that involves shutting down all operations at the primary location and shifting them to the BCDR site; the only type of test that provides a complete view of what would happen during a disaster

123
Q

functional policies

A

policies that set guiding principles for individual business functions or activities

124
Q

functional testing

A

a type of software testing that evaluates individual functions, features or components of an application rather than the complete application as a whole

125
Q

gap

A

any deviation between what was discovered during the audit and the requirements in those standards/regulations/laws

126
Q

gap analysis

A

a comparison of actual results with desired results

127
Q

general data protection law (LGPD)

A

a Brazilian law that was published in 2018 and modeled after GDPR; it establishes standards for managing the privacy of Brazilian citizen personal data

128
Q

General Data Protection Regulation (GDPR)

A

considered by most to be the world’s strongest data privacy law; replaced the EU’s 1995 Data Protection Directive with hundreds of pages of regulations that require organizations around the world to protect the privacy of EU citizens

129
Q

Generally Accepted Privacy Principles (GAPP)

A

a privacy framework that was published in 2009 by a Privacy Task Force created by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA)

130
Q

governance

A

the policies, procedures, roles and responsibilities in place to ensure security, privacy, resiliency and performance

131
Q

Gramm-Leach-Bliley Act (GLBA)

A

aka the Financial Modernization Act of 1999, a US federal law that requires financial institutions to safeguard their customers’ PII

132
Q

Hardware Security Module (HSM)

A

a physical device that safeguards encryption keys

133
Q

hashing

A

the process of taking an arbitrary piece of data and generating a unique string or number of fixed-length from it

134
Q

Health Insurance Portability and Accountability Act (HIPAA)

A

a law passed in 1996 that established minimum standards for protecting a patient’s privacy and regulates the use and disclosure of individuals’ health information, referred to as Protected Health Information (PHI)

135
Q

honeypot

A

a decoy system that mimics a sensitive system in order to lure attackers away from the legitimate target

136
Q

host cluster

A

a group of hosts that are physically or logically connected in such a way that they work together and function as a single host

137
Q

host-based DLP

A

data loss prevention that involves installation of a DLP application on a workstation or other endpoint device

138
Q

hybrid cloud

A

a cloud deployment model that uses a combination of at least two different cloud deployment models (public, private or community)

139
Q

HTTPS

A

HTTP over TLS - the gold standard for protecting web communications

140
Q

hypervisor

A

a computing layer that allows multiple operating systems to run simultaneously on the same piece of hardware, with each operating system seeing the machine’s resources as its own dedicated resources

141
Q

identification

A

the process by which you associate a system or user with a unique identity or name, such as a username or email address

142
Q

IAM

A

the sum of all the technologies, processes, and personnel that are responsible for controlling access to resources

143
Q

identity provider

A

a trusted third-party organization that stores user identities and authenticates your credentials to prove your identity to other services and applications